Johnson, C. W. , Evangelopoulou, M. and Pavlova, T. (2017) Applying Lessons from Cyber Attacks on Ukrainian Infrastructures to Secure Gateways onto the Industrial Internet of Things. Proceedings 35th International System Safety Conference, Albuquerque, NM, USA, 21-25 Aug 2017.
|
Text
150357.pdf - Accepted Version 183kB |
Abstract
Previous generations of safety-related industrial control systems were ‘air gapped’. In other words, process control components including Programmable Logic Controllers (PLCs) and smart sensor/actuators were disconnected and isolated from local or wide area networks. This provided a degree of protection; attackers needed physical access to compromise control systems components. Over time this ‘air gap’ has gradually been eroded. Switches and gateways have subsequently interfaced industrial protocols, including Profibus and Modbus, so that data can be drawn from safety-related Operational Technology into enterprise information systems using TCP/IP. Senior management uses these links to monitor production processes and inform strategic planning. The Industrial Internet of Things represents another step in this evolution – enabling the coordination of physically distributed resources from a centralized location. The growing range and sophistication of these interconnections create additional security concerns for the operation and management of safety-critical systems. This paper uses lessons learned from recent attacks on Ukrainian critical infrastructures to guide a forensic analysis of an IIoT switch. The intention is to identify and mitigate vulnerabilities that would enable similar attacks to be replicated across Europe and North America.
Item Type: | Conference or Workshop Item |
---|---|
Status: | Published |
Refereed: | Yes |
Glasgow Author(s) Enlighten ID: | Johnson, Professor Chris and Evangelopoulou, Miss Maria and Pavlova, Miss Tanya |
Authors: | Johnson, C. W., Evangelopoulou, M., and Pavlova, T. |
College/School: | College of Science and Engineering > School of Computing Science |
Copyright Holders: | Copyright © 2017 The Authors |
Publisher Policy: | Reproduced with the permission of the Authors |
University Staff: Request a correction | Enlighten Editors: Update this record